The independent legal person organization registered in People's Republic of China (PRC) has a clear development process and a clear property right relationship. ?
Abide by relevant national laws, regulations and standards, have no record of violation of laws and regulations, and have a good credit status.
Second, the financial credit requirements
The organization and operation are normal, and the establishment of financial management system can provide necessary financial support for security services. ?
Third, the site requirements
Have a long-term fixed office space and suitable office conditions, which can meet the needs of institutional setup and business. ?
Fourth, personnel capacity requirements.
1)? The person in charge of the institution has more than 2 years of management experience in the field of information technology.
2)? The technical director has information security service management ability (consistent with the declared category) and passed the evaluation (consistent with the declared category).
3)? The project leader and project engineer have the technical ability of information security service (consistent with the declared category) and passed the examination.
Verb (abbreviation of verb) performance requirements
1)? Engaged in information security service (consistent with the declared category) for more than 4 months. ?
2)? At least 1 information security service projects have been signed and completed in recent 1 year (consistent with the declared category). ?
Six, service management requirements
1)? Establish and run personnel management procedures, identify the service ability requirements of security service personnel, and clarify the post responsibilities and technical ability requirements of security service personnel, and prove that they are competent for their duties through evaluation. ?
2)? Formulate a capacity-building plan for service personnel, including technologies, skills, management and awareness related to network and information security, and implement the plan to ensure that service personnel continue to be competent for their duties. ?
3)? Establish and run file management procedures, including organization management, service process management, quality management, etc. , and stipulate the document control of project generation, distribution, preservation, transmission, use (including delivery and internal use) and abandonment. ?
4)? Establish and run the project management procedures, define the operating procedures of organization, planning, implementation, risk control and delivery of service projects, and provide project risk management records. ?
5)? Establish and run confidentiality management procedures, define post confidentiality responsibilities, sign confidentiality agreements, and promptly educate relevant personnel on confidentiality. ?
6)? Establish and run supplier management procedures to ensure that their suppliers meet service safety requirements (only applicable to security integration, security operation and maintenance, disaster backup and recovery). ?
7)? Establish contract management procedures, formulate a unified contract template, and implement the information security service project according to the contract. According to customer requirements, protect sensitive customer information and intellectual property information, and ensure that service personnel understand customer requirements. ?
7, service technical requirements
a)? Establish the process required by information security service (consistent with the declaration category) and implement it according to the process. ?
b)? Formulate the specifications and standards required by information security service (consistent with the declared categories) and implement them according to the specifications.